0

I am new to PHP coding for a school project where I need to enter data but check for duplicate values

for now I am checking for email address and it does find the duplicate but does not accept the additional entry when I add addtional columns Mobile and Date values the code stops entering the data but says it is successful.

when I remove the columns for the DB and reduce the code to be only be first name last name email id it works.

Any suggestions on how I can get it to enter the data for Mobile and Date would be appreciated

Index 

<html>
<body>
    <form name="form" method="post" action="1process.php">
        <table>
            <tr>
                <td>First Name</td>
                <td><input type="text" name="fname" required pattern="[a-zA-Z]+" /></td>
            </tr>
            <tr>
                <td>Last Name</td>
                <td><input type="text" name="lname" required pattern="[a-zA-Z]+" /></td>

                        <tr>
                <td>Mobile</td>
                <td><input type="text" name="mobile" required pattern="[a-zA-Z]+" /></td>

            <tr>
                <td>Email Id</td>
                <td><input type="email" name="mail" required  /></td>
            </tr>


                        <tr>
                <td>Date</td>
                <td><input type="text" name="date" required pattern="[a-zA-Z]+" /></td>
                  </tr>



            <tr>
                <td></td>
                <td><input type="submit" name="submit" value="submit" /></td>
            </tr>




        </table>
    </form>



</body>


<?php

PHP process

<?php

$host = "localhost";
$user = "root";
$password = "";
$database = "SurfschoolDB";

$mysqli = new mysqli($host,$user,$password,$database);

$fname = $_POST['fname'];
$lname = $_POST['lname'];
$mobile = $_POST['mobile'];
$email = $_POST['mail'];
$date = $_POST['date'];

// Check connection
if ($mysqli -> connect_errno) {
  echo "Failed to connect to MySQL: " . $mysqli -> connect_error;
  exit();
}

// Perform query 
if ($result = $mysqli -> query("SELECT `email ID` FROM `customers` WHERE `email id` = '$email'")) {
  echo "Returned rows are: " . $result -> num_rows . "\n";
  $count = $result -> num_rows;
  echo $count . "\n";
  If ($count == 0) {
     $mysqli -> query("INSERT INTO `customers`(`First Name`, `Last Name`, 'Mobile', 'Date', `Email Id`) VALUES ('$fname', '$lname', '$mobile', '$date', '$email')");
     echo "Entered data successfully\n";
  } Else {
     echo "User already exists\n";
  $result -> free_result();
  }
}

`enter code here`$mysqli -> close();
?>
Strawberry
  • 33,750
  • 13
  • 40
  • 57
CodingNoob
  • 1
  • I appreciate that this is for a school project, but it's best to shake out of those bad habits as soon as possible. See about sql injection and the importance of prepared and bound queries – Strawberry Jan 11 '20 at 00:06
  • 1
    **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add any data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or data *of any kind* directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Jan 11 '20 at 00:06
  • 2
    Tip: Column names with spaces in them are usually very annoying to use because they require special escaping. Whenever possible avoid that for your own sake. – tadman Jan 11 '20 at 00:06
  • 3
    Tip: To prevent duplicate values, add a `UNIQUE` index to prevent them at the database level. – tadman Jan 11 '20 at 00:07
  • 2
    Also your SELECT is essentially redundant, and even counterproductive. If you execute the INSERT against a UNIQUE indexed column, and it fails, then you anyway know that the row already exists. – Strawberry Jan 11 '20 at 00:08
  • You've used "email ID", "email id" and "Email Id" as the name of that field. Some databases will see those as three different field names. Consistency is important! – Greg Schmidt Jan 11 '20 at 01:28
  • You only assume that your queries are executed successfully, you never check! If you checked, you would know what went wrong: you encllosed some of your field names by single quotes as opposed to backticks. But you really should use a unique index to prevent duplicates. – Shadow Jan 11 '20 at 01:31

0 Answers0